Get certified and sit your official CISM exam in just four days with accelerated CISM training from Firebrand. Prove you're among the top information security managers; on this four-day accelerated CISM course, you'll get the skills you need to manage, design, oversee and assess enterprise information security.

The CISM (certified information security manager) certification proves your knowledge of information security programs and their role within business goals and objectives. You'll be immersed in this course through Firebrand's unique Lecture | Lab | Review technique as you study the four CISM domains:

Information Security Governance

Information Risk Management and Compliance

Information Security Program Development and Management

Information Security Incident Management

On this security management course, you’ll also go beyond the official curriculum as you gain the knowledge needed to pass your CISM exam, which you’ll sit at the Firebrand Training Centre. If you're an information security manager or have information security management responsibilities, this accelerated CISM training is ideal for you.

Exclusive: Sit your CISM exam on this accelerated course

Firebrand is an ISACA Accredited Training Organisation (ATO). This means you'll have access to official ISACA courseware and will sit your CISM exam at the Firebrand Training Centre during your accelerated course. If you don't pass first time, don't worry: you'll be covered by your Certification Guarantee.

Firebrand is a premier ISACA partner for EMEA and the US. No other partner in these regions trains more students.

Professional certification gives you and your organisation a competitive advantage in the marketplace. Although certification may not be mandatory for you at this time, a growing number of organisations are requiring or recommending that employees become certified. To help ensure success in the global marketplace, it is vital to select a certification program based on universally accepted information security management practices. CISM delivers such a program.

Benefits of CISM Certification

Recognition of attainment of advanced job skills for the information security professional

Domain 3 - Information Security Program Development and Management (25%)

Domain 4 - Information Security Incident Management (18%)

Domain 1 - Information Security Governance (24%)

Learn how to establish and maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organisational goals and objectives. You’ll also learn how to manage information risk and program resources responsibly.

Task Statements:

Establish and maintain an information security strategy in alignment with organisational goals and objectives to guide the establishment and ongoing management of the information security program

Establish and maintain an information security governance framework to guide activities that support the information security strategy

Integrate information security governance into corporate governance to ensure that organisational goals and objectives are supported by the information security program

Establish and maintain information security policies to communicate management’s directives and guide the development of standards, procedures and guidelines

Develop business cases to support investments in information security

Identify internal and external influences to the organisation (for example, technology, business environment, risk tolerance, geographic location, legal and regulatory requirements) to ensure that these factors are addressed by the information security strategy

Obtain commitment from senior management and support from other stakeholders to maximise the probability of successful implementation of the information security strategy

Define and communicate the roles and responsibilities of information security throughout the organisation to establish clear accountabilities and lines of authority

Internationally recognised standards, frameworks and best practices related to information security governance and strategy development

Methods to develop information security policies

Methods to develop business cases

Strategic budgetary planning and reporting methods

The internal and external influences to the organisation (for example, technology, business environment, risk tolerance, geographic location, legal and regulatory requirements) and how they impact the information security strategy

Methods to obtain commitment from senior management and support from other stakeholders for information security

Information security management roles and responsibilities

Organisational structures and lines of authority

Methods to establish new, or utilise existing, reporting and communication channels throughout an organisation

Evaluate information security controls to determine whether they are appropriate and effectively mitigate risk to an acceptable level

Identify the gap between current and desired risk levels to manage risk to an acceptable level

Integrate information risk management into business and IT processes (for example, development, procurement, project management, mergers and acquisitions) to promote a consistent and comprehensive information risk management process across the organisation

Monitor existing risk to ensure that changes are identified and managed appropriately

Report noncompliance and other changes in information risk to appropriate management to assist in the risk management decision-making process

Knowledge Statements:

Methods to establish an information asset classification model consistent with business objectives

Methods used to assign the responsibilities for and ownership of information assets and risk

Methods to evaluate the impact of adverse events on the business

Information asset valuation methodologies

Legal, regulatory, organisational and other requirements related to information security

Control baseline modelling and its relationship to risk-based assessments

Information security controls and countermeasures and the methods to analyse their effectiveness and efficiency

Gap analysis techniques as related to information security

Techniques for integrating risk management into business and IT processes

Compliance reporting processes and requirements

Cost/benefit analysis to assess risk treatment options

Domain 3 - Information Security Program Development and Management (25%)

You’ll prove your ability to establish and manage the information security program in alignment with an information security strategy.

Task Statements:

Establish and maintain the information security program in alignment with the information security strategy

Ensure alignment between the information security program and other business functions (for example, human resources [HR], accounting, procurement and IT) to support integration with business processes

Identify, acquire, manage and define requirements for internal and external resources to execute the information security program

Methods for testing the effectiveness and applicability of information security controls

Domain 4 - Information Security Incident Management (18%)

Learn how to plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimise business impact.

Task Statements:

Establish and maintain an organisational definition of, and severity hierarchy for, information security incidents to allow accurate identification of and response to incidents.

Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents

Develop and implement processes to ensure the timely identification of information security incidents

Establish and maintain processes to investigate and document information security incidents to be able to respond appropriately and determine their causes while adhering to legal, regulatory and organisational requirements

Establish and maintain incident escalation and notification processes to ensure that the appropriate stakeholders are involved in incident response management.

Organise, train and equip teams to effectively respond to information security incidents in a timely manner

Test and review the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities

Establish and maintain communication plans and processes to manage communication with internal and external entities

What is a CISM boot camp?

Firebrand’s CISM course (sometimes referred to as a CISM Boot Camp) is an accelerated 4-day course that will prepare you for the CISM exam, which you’ll sit during the training. This course is all-inclusive: a one-off fee covers all official course materials, accommodation and meals.

Accelerated training is fast, but this is not a crash course – you’ll learn from a real-world security expert and study everything you need to know to pass the exam.

Where can I find CISM exam questions?

Where can I find CISM exam dates?

CISM exams only run during three testing windows of eight-week durations. This accelerated course will take place within one of these testing windows and you will be able to sit your exam at the Firebrand Training Centre.

1 October 2018-24 January 2019 Testing Window

1 July 2018 - Registration and Scheduling Opens

18 January 2019 - Final Registration Deadline

1 February-24 May 2019 Testing Window

1 November 2018 - Registration and Scheduling Opens

18 May 2019 - Final Registration Deadline

23 May 2019 - Final Scheduling Deadline

Not sure how to register for the exam? Call us on 080 80 800 888 for advice.

Does this course include a CISM study guide?

This accelerated course includes the official CISM study materials:

CISM Review Manual

CISM Review Questions, Answers and Explanations Manual Supplement

You’ll also receive additional, exclusive curriculum built by Firebrand.

What is the CISM certification cost?

To find out the cost of this accelerated CISM course and others, visit our prices page.

You'll sit the following exam at the Firebrand Training Centre, covered by your Certification Guarantee:

CISM Exam

Duration: 4 hours

Number of questions: 150

Languages: English, Chinese Simplified, Japanese, Korean and Spanish

The CISM exam tests knowledge in the following CISM domains:

Domain 1 - Information Security Governance (24%)

Domain 2 - Information Risk Management (30%)

Domain 3 - Information Security Program Development and Management (27%)

Domain 4 - Information Security Incident Management (19%)

Firebrand is an ISACA ATO. This means you'll have access to official ISACA courseware and will sit your CISM exam at the Firebrand Training Centre during your accelerated course. Plus, if you don't pass first time, you'll be covered by your Certification Guarantee.

ISACA Exam Testing Windows

On your course, you’ll be assessed through Computer-Based Testing (CBT) during three testing windows of 16-week durations. Your accelerated course will take place within one of these testing windows.

1 October 2018-24 January 2019 Testing Window

1 July 2018 - Registration and Scheduling Opens

18 January 2019 - Final Registration Deadline

1 February-24 May 2019 Testing Window

1 November 2018 - Registration and Scheduling Opens

18 May 2019 - Final Registration Deadline

23 May 2019 - Final Scheduling Deadline

Not sure how to register for the exam? Call us on 080 80 800 888 for advice.

Course and Exam Prerequisites

There are no prerequisites for attending the CISM course and sitting the exam. In fact, this is a practice accepted and encouraged by ISACA.

Achieving the CISM Certification

In order to become CISM certified, you must meet the following requirements:

Successfully complete the CISM exam

Adhere to ISACA's Code of Professional Ethics

Agree to comply with the Continuing Education Policy

Work experience in the field of information security.

Submit an Application for CISM Certification - see below

Submitting an Application for CISM Certification

The CISM certification is built for information security professionals, managers and other assurance providers. In order to be eligible, you must be able to submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam.

Experience Substitutions

The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.

Two Years:

Certified Information Systems Auditor (CISA) in good standing

Certified Information Systems Security Professional (CISSP) in good standing

Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

Unsure whether you meet the prerequisites?

Just call us on +33 (0) 181 22 44 68 and speak to one of our enrolment consultants.

Firebrand is an immersive environment and requires commitment. Some prerequisites are simply guidelines; you may find your unique experience, attitude and determination enables you to succeed on your accelerated course.

"Yet another fine course run by a friendly team of people who make you feel very comfortable. This creates a very inclusive learning environment." Philip Sills, MOD. - ISACA CISM Certification (4 days) (26/2/2018 to 1/3/2018)

"This was my first course at Firebrand and at first I was a bit worried, however I was pleasantly surprised. I will recommend and hope to use Firebrand for my future training!" Fakhar Rathore, Kcom PLC. - ISACA CISM Certification (4 days) (26/2/2018 to 1/3/2018)

"The training was really interactive, and to have an instructor with a high profile and really good experience provided us with a real good & perfect overview of what we can expect from a CISM." David Rossetti, JP Morgan. - ISACA CISM Certification (4 days) (1/12/2014 to 4/12/2014)

"An exceptional instructor who brings in his own experiences and broad knowledge to bear in engaging his students and conveying the message sufficiently and accurately" Buddy Liyanage, Thomas Water. - ISACA CISM Certification (4 days) (26/11/2012 to 29/11/2012)

"High quality training that delivered all the required ticks in the box. High quality facilities and A grade instructors. This training aligned me in the best possible way for the exam." C.S, MOD. - ISACA CISM Certification (4 days) (14/11/2011 to 17/11/2011)

"One of the best training courses I have attended. Really helped to prepare me for the exam. The subject was brought to life through real life experiences that were conveyed in an engaging and entertaining way." Richard Harrison, South West Grid for Learning. - ISACA CISM Certification (4 days) (28/11/2011 to 1/12/2011)

"I would like to commend Firebrand for choosing the course instructor. It was a pleasure to have been able to receive CISM training from an experienced professional that has real life experience and overwhelming knowledge in the field of Information Security. He is the best instructor I have had the pleasure to meet during my training experiences with Firebrand." Anonymous, MoD - ISACA CISM Certification (4 days) (28/11/2011 to 1/12/2011)

"I would like to commend Firebrand for choosing the course instructor. It was a pleasure to have been able to receive CISM training from an experienced professional that has real life experience and overwhelming knowledge in the field of Information Security. He was the best instructor I have had the pleasure to meet during my training experiences with Firebrand" Anonymous, MoD - ISACA CISM Certification (4 days) (28/11/2011 to 1/12/2011)

"Just a quick note to say thanks to the Firebrand team for a great 4 days at Wyboston Lakes. I took the CISM course and the whole experience was very well organised, professional, extremely comfortable and well paced. I will certainly be recommending the course, and specifically Firebrand, to my colleagues at work." Will Hawkins, Verizon. - ISACA CISM Certification (4 days) (28/11/2011 to 1/12/2011)

"The instructor made this course for me. His humour plus his wealth of real-world experiences at the top of our profession made for an enjoyable and highly instructive few days." Tom Mellor, IBM. - ISACA CISM Certification (4 days) (28/11/2011 to 1/12/2011)

"The trainer was very knowledgeable about all the areas we were studying - his ability to give real-world examples really helped to set the tone of the training." A.H. - ISACA CISM Certification (4 days) (28/11/2011 to 1/12/2011)

"An excellent course presented by a professional who had actual experience of the subject matter. The accommodation had everything needed to make the stay pleasant, and the catering was really good. Really believe ready for exam now!" Tina Cousins, IBM UK LTD. - ISACA CISM Certification (4 days) (14/11/2011 to 17/11/2011)

"Firebrand is a complete training company, although anyone can self study, the quality of instructor and the context in which the lectures took place were, in my opinion, more valuable than certification" Brad Moore, MWR Infosecurity. - ISACA CISM Certification (4 days) (31/5/2011 to 3/6/2011)